The past decade has been marked by a technological revolution driven by the convergence of the data processing industry with the consumer electronics industry. The effect has, in turn, driven technologies that have been known and available but relatively quiescent over the years. A major one of these technologies is Internet related distribution of documents. The Web or Internet, which had quietly existed for over a generation as a loose academic and government data distribution facility, reached, “critical mass” and commenced a period of phenomenal expansion. With this expansion, businesses and consumers have direct access to all matter of documents and media through the Internet.
With the advent of consumer digital technology, content such as music and movies are no longer bound to the physical media that carry it. Advances in consumer digital technology present new challenges to content owners such as record labels, studios, distribution networks, and artists who want to protect their intellectual property from unauthorized reproduction and distribution. Recent advances in broadcast encryption offer an efficient alternative to more traditional solutions based on public key cryptography. In comparison with public key methods, broadcast encryption requires orders of magnitude less computational overhead in compliant devices. In addition, broadcast encryption protocols are one-way, not requiring any low-level handshakes, which tend to weaken the security of copy protection schemes.
“International Business Machines™has developed a content protection system based on broadcast encryption . . . ”called eXtensible Content Protection, referred to as “xCP.” xCP supports a trusted domain called a ‘cluster’ that groups together a number of compliant devices. Content can freely move among these devices, but it is useless to devices that are outside the cluster.
Each compliant device is manufactured with a set of device keys. A key management block (“KMB”) is a data structure containing an encryption of a management key using every compliant device key in the set of device keys for a compliant device. That is, a KMB contains a multiplicity of encrypted instances of a management key, one for every device key in the set of device keys for a device. Each compliant device, using one of its own device keys, is capable of extracting an encrypted management key from a key management block and decrypting it. That is, the management key for a cluster is calculated from the key management block, and it is the ability to calculate a management key from a key management block that distinguishes compliant devices.
A cluster is a private domain. Compliant devices can join a cluster. Each compliant device stores a KMB and a list of authorized devices for the cluster, called an authorization table. Each device can also authorize other compliant devices to join the cluster. In a compliant cluster, when a consumer purchases a new device and installs it in his home, the device automatically determines whether a cluster is currently present, and asks to join the cluster. If no cluster is present, the device creates a new cluster consisting only of itself. Additional devices installed later will join this cluster. Each piece of content or each content stream in the home is protected with a unique key. These keys are called title keys. Each title key is encrypted with a master key for the particular home, called a binding key. To play protected content, a device reads the encrypted title key embedded in the content file and decrypts it with the binding key. Then, with the title key, the device decrypts the content itself. The binding key is calculated as the cryptographic hash of three quantities: the management key, the cluster ID, and a hash of the cluster's authorization table. The cluster ID is a unique identification code for a cluster established at cluster startup. The network authorization table is a simple file whose records represent the list of devices in the cluster.
A new compliant device may join a cluster as follows:                The new device broadcasts a “whosthere” message to a cluster network.        An existing device answers with an “imhere” message, including cluster name, the cluster KMB, and a hash of a cluster authorization table.        The new device downloads the KMB from the existing device.        The new device computes the cluster management key from the KMB and its own device keys.        The new device computes a message authorization code (“MAC”) by cryptographically hashing the management key with the new device's deviceID.        The new device sends an authorization request to the cluster server, including the new device's deviceID and device type.        The existing device computes the management key using the KMB and its own device keys. This management key is the same as the management key computed by the new device.        The existing device computes the MAC using the new device's deviceID and device type, verifying the MAC received from the new device.        If the MAC matches, the existing device adds the new device to its authorization table.        The existing device sends an ‘authorized’ message to the new device, including an encrypted clusterID, encrypted with a authorization key created by hashing the management key and the new device's deviceID.        The new device generates the authorization key by hashing the management key and the new device's deviceID and uses the authorization key to decrypt the encrypted clusterID.        The new device downloads the new authorization table from the existing device.        The new device computes the binding key for the cluster by hashing the management key, a hash of the new authorization table, and the clusterID.        
There are some drawbacks to this procedure. The xCP Cluster Protocol is intended to provide an infrastructure for legally and securely sharing multimedia content between a plurality of devices connected by a network transport mechanism, and establishes trust among the devices with a secure, cryptographic handshake after receiving the “imhere” message from a receiving device. However, the xCP Cluster Protocol described above allows restrictions on playing content in restricted geographic areas to be violated. One possible such restriction is a “blackout area,” where playing a specific piece of content or content stream is disallowed by the content producer.